projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.
https://github.com/projectdiscovery/nuclei
MIT License
9.2k stars 2.6k forks

CVE-2022-41040 MSExchange 0day #5602

Closed alphaO4 closed 9 months ago

alphaO4 commented 2 years ago

Template Information:

This Template was shamelessly stolen from here. This is a simple, functional template to determine if the Exchange server is vulnerable to CVE-2022-41040.

Nuclei Template:


id: owa

info:
  name: CVE-2022-41040 Scan
  author: twitter.com/numanturle
  severity: high
  tags: CVE-2022-41040

requests:
  - method: GET
    path:
      - "{{BaseURL}}/autodiscover/autodiscover.json?@URL/&Email=autodiscover/autodiscover.json%3f@URL"

    matchers-condition: and
    matchers:

      - type: word
        words:
          - "IIS Web Core"
        part: body
        condition: and

      - type: word
        words:
          - "X-BackEndCookie"
        part: header
        condition: and

ehsandeep commented 9 months ago

Apologies for the delayed response, closing this PR as we are unable to verify the template due to insufficient information to verify this vulnerability.
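
Seen from the defender's side, the request path in the template above leaves a recognisable entry in IIS access logs. The following is an added example, not code from this PR or from the nuclei-templates project: it scans a constructed W3C log excerpt for that request shape, including a percent-encoded variant. The log field layout, host names, addresses and status codes are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log excerpt (documentation-range hosts and addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status c-ip
2022-10-01 10:00:01 GET /autodiscover/autodiscover.json @example.test/&Email=autodiscover/autodiscover.json%3f@example.test 500 203.0.113.10
2022-10-01 10:00:05 POST /autodiscover/autodiscover.xml - 200 198.51.100.7
2022-10-01 10:00:09 GET /autodiscover/autodiscover.json Email=user@example.test&Protocol=ActiveSync 200 198.51.100.8
2022-10-01 10:00:12 GET /Autodiscover/Autodiscover.json %40example.test%2F%26Email%3Dautodiscover%2Fautodiscover.json%253f%40example.test 302 203.0.113.11
"""

STEM = re.compile(r"/autodiscover/autodiscover\.json$", re.I)
# Shape of the template's query string once percent-encoding is removed.
QUERY = re.compile(r"@.*email=autodiscover/autodiscover\.json\?@", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so %253f and %3f both end up as '?'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_probe_requests(log_text):
    """Return (date, time, client ip, status) for requests shaped like the template's probe."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names declared by the log itself
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        query = fully_decode(row.get("cs-uri-query", ""))
        if STEM.search(stem) and QUERY.search(query):
            hits.append((row["date"], row["time"], row["c-ip"], row["sc-status"]))
    return hits


if __name__ == "__main__":
    for hit in find_probe_requests(SAMPLE_LOG):
        print(*hit)
```

The ordinary Autodiscover lookup in the sample (third entry) is not flagged, because its query contains an `@` but no nested `autodiscover.json` path.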